In the unfortunate event that a breach occurs, organizations must have a plan in place to respond and recover. StateRAMP borrows requirements from FedRAMP and NIST 800-53 to define how exactly state and local governments can implement incident response into their overall security infrastructure.